Report - 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh

Report Overview

Visited public
2024-10-28 04:04:46
Tags
URL
6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Finishing URL
6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
IP / ASN
104.21.29.123
#13335 CLOUDFLARENET
Title
6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
videothumbs.me	unknown	2024-03-25	2024-03-25	2024-10-27	852 B	980 kB	188.114.97.1
uqqmj868.xyz	unknown	2024-09-24	2024-10-14	2024-10-21	497 B	814 B	188.114.96.1
xmlserving.mobagent.com	401604	2016-09-27	2017-09-10	2024-10-22	529 B	198 B	173.239.53.17
ieyri61b.xyz	unknown	2024-08-01	2024-10-23	2024-10-23	397 B	72 kB	172.67.207.46
epededonemile.com	unknown	2024-07-08	2024-10-14	2024-10-21	517 B	792 B	108.157.229.107
bf.burniecrepes.com	unknown	2024-03-09	2024-10-20	2024-10-27	524 B	1.2 kB	23.109.170.127
6oszwqmr.xyz	unknown	2024-07-30	2024-10-22	2024-10-22	7.6 kB	1.8 MB	104.21.29.123
be2719.rcr22.ams01.cdn112.com	unknown	2023-05-27	2023-05-27	2024-10-22	2.3 kB	296 kB	91.211.89.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed
2024-10-27	medium	6oszwqmr.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	ieyri61b.xyz/js/dwarf.js	ScriptElement	71 kB	2024-10-23	2024-10-28
Pretty URL ieyri61b.xyz/js/dwarf.js IP 172.67.207.46 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-23 13:39 Last Seen2024-10-28 09:07 Times Seen94 Hash 645c49c2f4d766a0f53aebc6f39c84be 2cf649c9048d567904389d8032e28f9b82e688f8 637717a3de6b2f9043510f3c9df0ea404eee6df9d6c99a528b4603c590858811 Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	139 B	2024-10-28	2024-10-28
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-28 04:04 Last Seen2024-10-28 04:04 Times Seen1 Hash 6b7a5e2049d46d77d598a90a2051f740 23a3f2be82a91ac850543bdecb9a8f433bad6c08 1c4135fc6d34d6344949671b527b22f7541accf6b6ba4fda0bf5d495f8ff82e1 Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	514 B	2024-04-13	2025-04-05
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-13 15:29 Last Seen2025-04-05 17:24 Times Seen460 Hash 9f65a1ea61c99521274aa8cae75cf64c 8f6c4b1e4d6b97ba85a557d2303f501cf834fe96 63d1ba1f37f9df17aa589c2b237b36897935faf9c1263c90b1baf149ea8374c1 Loading...

	bf.burniecrepes.com/iIvBZMNxuPF6/gVOEo	ScriptElement	8 B	2023-03-07	2025-04-25
Pretty URL bf.burniecrepes.com/iIvBZMNxuPF6/gVOEo IP 23.109.170.127 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-04-25 13:22 Times Seen4605 Hash 74bcdb854ab16ca0977687a071ccface 3fc98dccf6a4c618323aacd44660d0c32d1e9016 f729e7b610069468cbe062a7821762c27a15271967ac88eae69a538d48c5a29b Loading...

	6oszwqmr.xyz/js/ls.js	ScriptElement	2.1 kB	2023-03-07	2025-04-23
Pretty URL 6oszwqmr.xyz/js/ls.js IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42 Last Seen2025-04-23 15:51 Times Seen581 Hash f6784d7271569579cbc7e508fddb3fbb 61be0722316952e865893972791486e26961cdda 96f2f3c87be4a0582def1b5e1e9e19aa0529adb7fd9277cede56c1eefd906d01 Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	202 B	2024-10-23	2024-10-28
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-23 06:24 Last Seen2024-10-28 09:07 Times Seen91 Hash 41391453b019db05ca990652b5075bef 4f559c1c6b1fe6789b8744ea742f9166b701ad05 3ca61764edcd256dedea08b377b9205ae61f1186a12bddc526730defd631f5e3 Loading...

	6oszwqmr.xyz/js/xupload.js	ScriptElement	11 kB	2023-03-07	2025-03-25
Pretty URL 6oszwqmr.xyz/js/xupload.js IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24 Last Seen2025-03-25 20:59 Times Seen494 Hash 2609e3a9490dcfe748407d3af317c472 af55b2b16e9190e09407f67ffae4ca705ea6f112 c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	258 B	2024-10-08	2024-12-31
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-08 13:07 Last Seen2024-12-31 19:38 Times Seen123 Hash 47e574848430ac650959aadf82894692 729fbfb3360326f829f4b8afdf84d025c4f414af 64cc090a104bd6938abcee688b92a8497ee32190bd9c277d80dcbf9ec74006a3 Loading...

	6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2	ScriptElement	111 kB	2024-04-13	2025-04-23
Pretty URL 6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2 IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 15:29 Last Seen2025-04-23 15:51 Times Seen490 Hash f91de142eed44442bad231961488c5d0 ea6c79968011a5b59e444d792f7ab048a1f7e31d b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295 Loading...

	6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3	ScriptElement	38 B	2023-03-07	2025-04-26
Pretty URL 6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3 IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-04-26 00:38 Times Seen759 Hash 99eccae6afa72c589ae54b5c3890282a 0f102f8f5b556635de65d16cf70fa8269c6761b4 b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3 Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	111 B	2024-10-08	2024-10-28
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-08 13:07 Last Seen2024-10-28 09:07 Times Seen112 Hash 0e497e8a4bfbd18004add59c513be3ef 717ba09d7cb507ac12e973cc4bdccb4d905129d5 4fd443a904c4cc7f8547d369967b842fc3ab4a3f82a7202537260d2bfea9769a Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	4.4 kB	2024-10-22	2025-01-25
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-22 03:47 Last Seen2025-01-25 22:43 Times Seen115 Hash e9d6cd61779885b139cdf866708495b3 77842276411ba2576b8934238e485d87132d6d8e 68b45420627478f606328cde6fc6a868aac7328cfa5756b971a5d1e3bfd15df8 Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	43 B	2023-03-08	2025-04-23
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-04-23 15:51 Times Seen519 Hash 4f98cf8486a8beb4d2d271b8e9304216 112dd81cdd24e37a4554c9a5c5327b30a476acf8 77b18c051d8450512853f4643dd7ac0e4c3205b7ec4cd1373ca5ad0dd2f470c3 Loading...

	6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2	ScriptElement	327 kB	2024-03-12	2025-04-23
Pretty URL 6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2 IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-12 19:48 Last Seen2025-04-23 15:51 Times Seen753 Hash fee77850b6b254569cf03f43a4dfdde4 35841d306d3404fbef6825371ffdbcd992ade913 50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f Loading...

	6oszwqmr.xyz/js/jquery.cookie.js	ScriptElement	4.3 kB	2023-03-07	2025-04-26
Pretty URL 6oszwqmr.xyz/js/jquery.cookie.js IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-26 00:38 Times Seen1561 Hash ae0c2c5d8f01f7d35bb698bb618a62f7 63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20 75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	154 B	2023-03-08	2025-04-23
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-04-23 15:51 Times Seen516 Hash d882b49167571a8dc4de310e0b2e623d 426f496e1155dfab34840a7a467866838448c8d0 6dc67eafa621e57610ed67c02b1c0c5532e495dfe555dcade99fb81b6744899b Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	1.5 kB	2023-03-08	2025-01-20
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-01-20 03:59 Times Seen484 Hash 36e0f7e5e53c5804e2188799d503746b 6a1df181d1324e3bd50ce865861a990cbe185c7b 3685002591a539aa34044215aac57a04d32a0f485bdf1719223803c4a5198dcb Loading...

	6oszwqmr.xyz/js/bafsd.js	ScriptElement	14 kB	2024-10-04	2025-04-23
Pretty URL 6oszwqmr.xyz/js/bafsd.js IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-04 15:55 Last Seen2025-04-23 15:51 Times Seen233 Hash c2432aca90e92e0370d2ded2545eb1fa 8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb 89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5 Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	60 B	2023-03-07	2025-04-23
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:59 Last Seen2025-04-23 15:51 Times Seen516 Hash 47a7df3210911e27dfdc28583faa9264 fb289b528d31f67e951e5415dd4e0cfca739b654 f46f00646225f54664e4d7bb625fb06dbcfc86904826cd3382efa56c4d524ddc Loading...

	6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh	ScriptElement	6.6 kB	2024-10-28	2024-10-28
Pretty URL 6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-28 04:04 Last Seen2024-10-28 04:04 Times Seen1 Hash 32446661c22804596f878d4ac92924b4 ced46d0150c3ecb2806eb78bdc64f6130265e929 2cb2b17c949202970b7e2fb402ce2166ec0d77199e483f8244d97af399de17a7 Loading...

	6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2	ScriptElement	423 kB	2024-04-13	2025-04-23
Pretty URL 6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2 IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 15:29 Last Seen2025-04-23 15:51 Times Seen490 Hash 0f95e38aa7bb0943693b51bd6a7deed0 26c89f76894108f76ad23af32ecc6b1e708993ba 1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1 Loading...

	6oszwqmr.xyz/js/jquery.js	ScriptElement	90 kB	2023-03-07	2025-04-26
Pretty URL 6oszwqmr.xyz/js/jquery.js IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-26 01:54 Times Seen201875 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	6oszwqmr.xyz/player/jw8/vast.js	ScriptElement	107 kB	2023-09-18	2025-04-23
Pretty URL 6oszwqmr.xyz/player/jw8/vast.js IP 104.21.29.123 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 06:50 Last Seen2025-04-23 15:51 Times Seen318 Hash 3cd85ca1814c3fd976764bf6b83b989d 90e931622205c6adfbc75cfe681563a127580f05 2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - e9c2429294b3d9e07a752886e957b378	7.9 kB	2024-10-28 04:04	2024-10-28 04:04
Pretty Observations First Seen2024-10-28 04:04 Last Seen2024-10-28 04:04 Times Seen1 Hash e9c2429294b3d9e07a752886e957b378 a990fa87c7957a50eb3d7fbf65e7650b84368ff6 834fdf7785bc82db0310222b034f57a74892a550323654a21f5bb5f0524763c9 Loading...

HTTP Transactions (27)

URL IP Response Size

6oszwqmr.xyz/js/xupload.js

104.21.29.123

200 OK

6.4 kB

URL GET HTTP/3
6oszwqmr.xyz/js/xupload.js
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text
Size
6.4 kB (6426 bytes)
Hash
2609e3a9490dcfe748407d3af317c472
af55b2b16e9190e09407f67ffae4ca705ea6f112
c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xupload.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Aug 2021 13:41:52 GMT
etag: W/"610a9920-2a73"
expires: Mon, 04 Nov 2024 01:10:13 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 10441
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBLa2Q383%2FQ0QBzrnO0yyFgE2fwpmbEPZa77G7DF1PzDGye8ltENjnL2dcab%2B2T0Pqo3dOjtByx%2FmUnsShxGnL%2BCRTwinZkFURU6%2BJ77%2Bs20QsyGLM1SEmkld5Kh0mU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a638abfb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=17&recv=13&lost=0&retrans=0&sent_bytes=4195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=186&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3

104.21.29.123

200 OK

38 B

URL GET HTTP/3
6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
ASCII text, with CRLF line terminators
Size
38 B (38 bytes)
Hash
99eccae6afa72c589ae54b5c3890282a
0f102f8f5b556635de65d16cf70fa8269c6761b4
b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/dnsads.js?dfp=1&ad_code=2&adsrc=3 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 38
last-modified: Mon, 13 Sep 2021 15:50:14 GMT
etag: "613f7336-26"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487848
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lgOBnqHGjohNuxoERmc6wF4JsAtu5SRz5BbRy5pstV2sKMydoLhneqPBu9uXhFsOzgUAlLQLI3R7AhpIgVj0iaVMvYIucApQrFSjjE4yZW%2F6W%2FPBtUCNdwV99CmeXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a639ac9b4fd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=190&x=1", cfExtPri, cfHdrFlush;dur=35

be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/master.m3u8?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=

91.211.89.136

200 OK

286 B

URL GET HTTP/1.1
be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/master.m3u8?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=
IP
91.211.89.136:443
ASN
#174 COGENT-174

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectbe2719.rcr22.ams01.cdn112.com
FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8
ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

File type
M3U playlist, ASCII text
Size
286 B (286 bytes)
Hash
3e40b64904f40865b51815dd0d8bc66b
7f0e034d9a244ddb2995f0549f9d4f4004389c87
fe78aae0aa0c8a36e70b9b9583c1cbc397776a477a14ee56cc3b18c31e63b357

HTTP Headers

GET /hls2/01/00019/p10j88y32hke_x/master.m3u8?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 04:04:14 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Mon, 28 Oct 2024 04:04:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 30 Oct 2024 04:08:19 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/index-v1-a1.m3u8?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=

91.211.89.136

200 OK

5.2 kB

URL GET HTTP/1.1
be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/index-v1-a1.m3u8?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=
IP
91.211.89.136:443
ASN
#174 COGENT-174

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectbe2719.rcr22.ams01.cdn112.com
FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8
ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

File type
M3U playlist, ASCII text
Size
5.2 kB (5247 bytes)
Hash
a0449e360983f248b0ae02120627c50e
7c40b7e22b655150d0b58efba103de830a59779e
a435294685963589a2e5c984a4a7347062dfc810fcf72f3de29b3bfcd54117d4

HTTP Headers

GET /hls2/01/00019/p10j88y32hke_x/index-v1-a1.m3u8?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 04:04:14 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Mon, 28 Oct 2024 04:04:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 30 Oct 2024 04:08:19 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/encryption.key?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=

91.211.89.136

200 OK

16 B

URL GET HTTP/1.1
be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/encryption.key?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=
IP
91.211.89.136:443
ASN
#174 COGENT-174

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectbe2719.rcr22.ams01.cdn112.com
FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8
ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

File type
data
Size
16 B (16 bytes)
Hash
050454d13d76c47713b010e0dbfe4697
da279ba02763fd540dc47b359b8e80192a494769
b3471ff5b7c063095cb857848848cdfa51f03e777fcd7a9c9696f6b4912d05f9

HTTP Headers

GET /hls2/01/00019/p10j88y32hke_x/encryption.key?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 04:04:14 GMT
Content-Type: application/octet-stream
Content-Length: 16
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Wed, 30 Oct 2024 04:08:20 GMT
ETag: "5f693e80-10"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/seg-1-v1-a1.ts?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=

91.211.89.136

200 OK

289 kB

URL GET HTTP/1.1
be2719.rcr22.ams01.cdn112.com/hls2/01/00019/p10j88y32hke_x/seg-1-v1-a1.ts?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p=
IP
91.211.89.136:443
ASN
#174 COGENT-174

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectbe2719.rcr22.ams01.cdn112.com
FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8
ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

File type
DOS executable (COM), start instruction 0xe9a77670 c8c32452
Size
289 kB (289152 bytes)
Hash
73089d95a5b5b37de417e18caa9b83fd
e080a422f5eed91536639b0c9e10e8001820c887
3095a821f885415ac6145d75f2c2e1dee3431e5e67c581b510faa784adcfa692

HTTP Headers

GET /hls2/01/00019/p10j88y32hke_x/seg-1-v1-a1.ts?t=mI2vDMQyqeuVpxz38speb6BTybp25i9HTnyzUS9g-b8&s=1730088253&e=10800&f=98812&srv=14&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 04:04:14 GMT
Content-Type: video/MP2T
Content-Length: 289152
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Wed, 30 Oct 2024 04:08:20 GMT
ETag: "5f693e80-46980"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

videothumbs.me/p10j88y32hke.jpg

188.114.97.1

200 OK

80 kB

URL GET HTTP/2
videothumbs.me/p10j88y32hke.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectvideothumbs.me
FingerprintC1:4F:45:F9:18:0B:29:97:8B:ED:6F:9D:8C:05:3F:CB:88:3E:D2:BF
ValidityWed, 18 Sep 2024 10:33:09 GMT - Tue, 17 Dec 2024 10:33:08 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 3017x3015, segment length 16, comment: "Lavc59.32.100", baseline, precision 8, 720x431, components 3
Size
80 kB (80329 bytes)
Hash
9dfb6cb7dcc71739b6889bd05caa39f5
2313cbcbb0554f9e8fd6f53c261739ed16cea571
87db86f80ff037867731ebb303acdcd7bed5f0558cbd9360deaf08072288558f

HTTP Headers

GET /p10j88y32hke.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: image/jpeg
content-length: 80329
last-modified: Sat, 06 Aug 2022 02:53:09 GMT
etag: "62edd795-139c9"
expires: Sun, 10 Nov 2024 12:26:34 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynZYaoF2nisTp6l4ACpgONwFFjmIw8EdidEWIYMEPd6ejw0EVqo5HrkZnvBcmVVhmyguyaGK2DWoiilAUgcM2WaMZIsthUDPJtyFw2LfeWr4KkUrDKs2WIHAsgWyVAyPHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a676d55b51d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=21529&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3281&recv_bytes=1285&delivery_rate=262667&cwnd=254&unsent_bytes=0&cid=fa1cb7d5b5925288&ts=314&x=0"
X-Firefox-Spdy: h2

6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2

104.21.29.123

200 OK

134 kB

URL GET HTTP/3
6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65143)
Size
134 kB (134188 bytes)
Hash
0f95e38aa7bb0943693b51bd6a7deed0
26c89f76894108f76ad23af32ecc6b1e708993ba
1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/provider.hlsjs.js?v=2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:57:50 GMT
etag: W/"6610116e-6742f"
expires: Tue, 29 Oct 2024 12:34:09 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487805
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sg2s6haI5iBLJFDCej3iWYgRjhjtR8axD5u6D51O0KH2VG0OIqo4Oq6dVQRoSj2v6zonafvEylXWrvRMwcDWjztQKSxBKr24Bm4sPgaXXcZ6oBAheyRDhdcp%2FK9mSsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a658c52b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20214&sent=223&recv=23&lost=0&retrans=0&sent_bytes=237553&recv_bytes=4532&delivery_rate=991411&cwnd=96000&unsent_bytes=0&cid=f2631780d107e007&ts=508&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/dl?b=get_slides&length=7031&url=https://videothumbs.me/p10j88y32hke0000.jpg

104.21.29.123

200 OK

908 kB

URL GET HTTP/3
6oszwqmr.xyz/dl?b=get_slides&length=7031&url=https://videothumbs.me/p10j88y32hke0000.jpg
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
data
Size
908 kB (907481 bytes)
Hash
1eebf263b7b82ae8cccaa6dfa7cabcac
3b2391e13f897f96cb8b6c9cd539d9c32a5bbdc8
5d1d29f37bed64d75aaaf078eeea68763184797f40d7adb6a5a1d439b52ad88a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl?b=get_slides&length=7031&url=https://videothumbs.me/p10j88y32hke0000.jpg HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: text/vtt
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-store
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBTgYP8oaoL4UWi9KO%2B3ZNi6NTJazc0sWNL5vR0RIo58b5RPIbLiTUNCHDH7ndV34qWmtUrGM3Pyxgt2AqXpU9YLz56FCEmjMMBf0t3Qcs%2BFqYbo6orUsNOm3JZgl60%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a66cd73b4fd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19066&sent=338&recv=30&lost=0&retrans=0&sent_bytes=370671&recv_bytes=5377&delivery_rate=22873&cwnd=190800&unsent_bytes=0&cid=f2631780d107e007&ts=871&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/adcgi?id=72637193

104.21.29.123

504 Gateway Timeout

6.3 kB

URL GET HTTP/3
6oszwqmr.xyz/adcgi?id=72637193
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
HTML document, ASCII text, with very long lines (394)
Size
6.3 kB (6323 bytes)
Hash
97b37c2155ffb96a63c22e1d1a1bd3fe
73d109410a5802e54fa19772043986bb3a332d35
f5145a2b80c925aacf34156530e7a13c01d50778b18abbd5a77aa14b3e2a1d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /adcgi?id=72637193 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 504 Gateway Timeout
date: Mon, 28 Oct 2024 04:04:15 GMT
content-type: text/html; charset=UTF-8
content-length: 6323
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YGqUc2AMMdSBasASGyfw08JbmkpDrMGLD%2Fv2watceUZ%2F03z0llIta9W7YZvM1EGXOkiPRRMmI5%2BTmBb7pnLJTefHEuSqMEnHhzfFDCMBzHIetQAsJcoP0M7%2BnXm5Ru8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8d980a6ad86fb4fd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18939&sent=348&recv=32&lost=0&retrans=0&sent_bytes=381173&recv_bytes=5696&delivery_rate=52760&cwnd=190800&unsent_bytes=0&cid=f2631780d107e007&ts=1481&x=1", cfExtPri, cfHdrFlush;dur=0

uqqmj868.xyz/

188.114.96.1

302 Found

0 B

URL GET HTTP/2
uqqmj868.xyz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectuqqmj868.xyz
Fingerprint80:B4:6F:5F:E3:AB:82:94:A6:D1:DE:33:8A:98:26:6B:A3:88:64:8D
ValidityTue, 24 Sep 2024 06:01:54 GMT - Mon, 23 Dec 2024 06:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: uqqmj868.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 28 Oct 2024 04:04:23 GMT
content-type: text/html; charset=UTF-8
location: https://epededonemile.com/?fmon=1076465
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2Fj5mgAIBzyL44mLxuCHOFMYD0yEHneyjUUc4CYT1B1QrOIiOaW2lSru8cMzM9hiHi%2BJrH6Kv1CmgERDCn75Mo26O%2F3xMLvPXpDJV60WywQgZsIVEcwtqXGjFb8rRQY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d980a9bcc3056c9-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=17076&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3203&recv_bytes=1133&delivery_rate=251040&cwnd=253&unsent_bytes=0&cid=a5c41b3c17e07893&ts=75&x=0"
X-Firefox-Spdy: h2

xmlserving.mobagent.com/click?i=qbO9s3YakHk_0

173.239.53.17

302 Found

0 B

URL GET HTTP/1.1
xmlserving.mobagent.com/click?i=qbO9s3YakHk_0
IP
173.239.53.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectmobagent.com
Fingerprint66:16:02:82:6B:02:CE:98:88:70:AB:C5:92:94:7D:57:3E:C9:92:86
ValidityMon, 30 Sep 2024 06:42:56 GMT - Sun, 29 Dec 2024 06:42:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=qbO9s3YakHk_0 HTTP/1.1
Host: xmlserving.mobagent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Oct 2024 04:04:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://bf.burniecrepes.com/iIvBZMNxuPF6/gVOEo

6oszwqmr.xyz/assets/css/jw8-theme.css?v=3.0.6

104.21.29.123

200 OK

5.4 kB

URL GET HTTP/3
6oszwqmr.xyz/assets/css/jw8-theme.css?v=3.0.6
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
ASCII text, with very long lines (938), with CRLF line terminators
Size
5.4 kB (5389 bytes)
Hash
218f1af32c959506efe281f39309d9a5
948fbcdba4275e13fc3e469a04df2d727aabdf4a
5425c5e4dfa36e386ee465a9fe20f61290bcd377fe3fd950164c5c6e16301593

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/jw8-theme.css?v=3.0.6 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 15:50:39 GMT
etag: W/"660d7acf-62a2"
expires: Thu, 31 Oct 2024 00:03:57 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 360017
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5JokzYZMyVde0Dzezs%2FPA%2BixVNKZ%2B8O4zyoXbPFe1gjj2UeoGmJ96IW%2BPfclCKtoQl2jSTtUo%2BJy1QYxsJt20xfi14ErLPYLz3bfLnIWXGMVhZyY%2FHuxLdqy1SoyzrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a657c4fb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20214&sent=142&recv=23&lost=0&retrans=0&sent_bytes=141721&recv_bytes=4532&delivery_rate=991411&cwnd=96000&unsent_bytes=0&cid=f2631780d107e007&ts=497&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh

104.21.29.123

200 OK

16 kB

URL User Request GET HTTP/2
6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (6638), with CRLF, LF line terminators
Size
16 kB (15682 bytes)
Hash
2987e2e66d8b59746da79a11f03cf108
0eacf7c91998aeb6ba8cd1571c912cf1c71a83ea
5cbe75cd3985cae31b4ea7f045da210058ba3814c240b8cdaa821233ca320e9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cwns/p10j88y32hke?referer=bflix.sh HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 04:04:13 GMT
content-type: text/html; charset=UTF-8
expires: Sun, 27 Oct 2024 04:04:13 GMT
set-cookie: lang=1; domain=.6oszwqmr.xyz; path=/; HttpOnly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGhfExHuvSuSThRQ%2FKWdJBR9ijO8lpI2W6UnFjCbNS8DYB7t7mgyJrnio8Q9gH%2FJjKK%2FJE5lEp1l5v%2FqAw94xMSxXHGKv5fHC%2FXsSXS6HStoqwQzRCQpFyfPC%2F4wBDA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d980a60cf1fb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19000&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3177&recv_bytes=1141&delivery_rate=216377&cwnd=253&unsent_bytes=0&cid=ba3a048392ac4c81&ts=276&x=0"
X-Firefox-Spdy: h2

6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2

104.21.29.123

200 OK

327 kB

URL GET HTTP/3
6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type

Size
327 kB (326903 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/jwplayer.core.controls.js?v=2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 09:09:34 GMT
etag: W/"660d1cce-4fcf7"
expires: Tue, 29 Oct 2024 12:34:09 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487805
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5xJdS8lHiEkhf4FgiLzuoQsi8fyZlSn3tSieECDBkamL0ZYNKtPBZ4sQ7Z%2BHnl3mTEpvLEV3FSLdqE5ILu1wR%2FM2M8skECoZHJZxdwbqoFL2K0l%2FpjGxjFO4s7u9Ek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a657c4db4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20214&sent=148&recv=23&lost=0&retrans=0&sent_bytes=147887&recv_bytes=4532&delivery_rate=991411&cwnd=96000&unsent_bytes=0&cid=f2631780d107e007&ts=505&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/player/jw8/vast.js

104.21.29.123

200 OK

107 kB

URL GET HTTP/3
6oszwqmr.xyz/player/jw8/vast.js
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107114 bytes)
Hash
3cd85ca1814c3fd976764bf6b83b989d
90e931622205c6adfbc75cfe681563a127580f05
2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8/vast.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Sep 2022 10:34:42 GMT
etag: W/"6319c542-1a26a"
expires: Thu, 31 Oct 2024 23:54:11 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 274203
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8x09p7OSs2w29%2FsjbNr3RwbyWhbxLVM0TerwRiW2MYZ%2FjC3zrfOUUsGh1jl0PFQ7ujAHXOFa3hE8%2FaV70Y6LCyUlc%2FvJhANB06TRowkEIEvAB2Oj9pnL%2BR1JiwxulPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a652c04b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20168&sent=111&recv=19&lost=0&retrans=0&sent_bytes=108022&recv_bytes=3591&delivery_rate=1106139&cwnd=96000&unsent_bytes=0&cid=f2631780d107e007&ts=443&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/css/main.css?v=4

104.21.29.123

200 OK

49 kB

URL GET HTTP/3
6oszwqmr.xyz/css/main.css?v=4
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type

Size
49 kB (49212 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/main.css?v=4 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 18:06:54 GMT
etag: W/"66f5a2be-c03c"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487848
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zb3FLjWsrefM1EbS2OHYyYD5W%2F5I7bcKgyn2aflLvx6Si49gRQVJQpl0CM%2FlWUefJtzkoxJRCEBfMz4DDa5ivIaeTY52PELXGQiAkdhqkLxsO25uaUNdxWGxEyNjn9c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a638abdb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=22&recv=13&lost=0&retrans=0&sent_bytes=9079&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=187&x=1", cfExtPri, cfHdrFlush;dur=0

6oszwqmr.xyz/js/jquery.cookie.js

104.21.29.123

200 OK

4.3 kB

URL GET HTTP/3
6oszwqmr.xyz/js/jquery.cookie.js
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (4427), with no line terminators
Size
4.3 kB (4331 bytes)
Hash
c8a0b7f16c38377537c6ab251cb5bc72
528e37de81abf523b92ce0b457cb593983ed347a
e31179e4a4fffc7faee4f95d4f67ce056d12a57c451dee1dae3e9062b126a00e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 May 2011 12:53:56 GMT
etag: W/"4de4e4e4-10eb"
expires: Sun, 03 Nov 2024 07:11:42 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 75152
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dUYSNo%2FToINuNPy0YwFVE4VurAfuDumLh8BJiEtnoEQab9LorRB7AWxXADqtDMz37IoKe%2BiTWS2eS%2BXuvUH3sEsXgHXSsQe6S%2Flbx047Vr4OytA1JEGXVYXk5K4Yes0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a638ac1b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=192&x=1", cfExtPri, cfHdrFlush;dur=13

6oszwqmr.xyz/js/ls.js

104.21.29.123

200 OK

2.1 kB

URL GET HTTP/3
6oszwqmr.xyz/js/ls.js
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2079), with no line terminators
Size
2.1 kB (2063 bytes)
Hash
66b63b5fefbe179c0fd09e63c11b7e12
e657b7d46921bec0bcbd746339ccc03ef4690036
52eb05218aa889bcc3b78062d496c747a04db5126648bd3a57cf8c43e3039bf2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ls.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 14 Feb 2023 11:28:54 GMT
etag: W/"63eb7076-80f"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487848
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jCy3Y1cjkgmwJWuIdyywiMdFxTRGerTWyDs3f8%2BP0ekesj5%2Bh9BAjqADfMLV%2Bxy7mzVt8ox1T0R%2F4M1MfLj3kbL%2FXd91RrwvbXak1noAETop2Ynvvm4AiEvgg02Dk4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a638ac5b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=187&x=1", cfExtPri, cfHdrFlush;dur=18

6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2

104.21.29.123

200 OK

111 kB

URL GET HTTP/3
6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type

Size
111 kB (111441 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/jwplayer.js?v=5.0.2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:58:43 GMT
etag: W/"661011a3-1b351"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487848
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Psl20FpY3V94cE99ec77zvbv0NTlE5hDB%2BNTtNKUFsLlXc%2BjK7sBlNLnqhSWbES7O3xaQkLgLoTKst9wJF%2B5koJp%2FdTGhLIbdZuM2I1MLEkJ90%2FDTiUP%2FioM%2FtqFw2M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a639ac8b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=194&x=1", cfExtPri, cfHdrFlush;dur=11

6oszwqmr.xyz/favicon.ico

104.21.29.123

200 OK

1.2 kB

URL GET HTTP/3
6oszwqmr.xyz/favicon.ico
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
f7b404d04734d64575f577b506c22a06
485d344ea5ace3529dd472f3fadaa621f046eaf5
c53b6a1e519b835191c058325f17d0f3ea15e1507ca47313c94cc54b68741500

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: image/x-icon
last-modified: Mon, 02 Feb 2015 19:26:28 GMT
etag: W/"54cfcf64-47e"
expires: Mon, 04 Nov 2024 00:15:40 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 13714
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QRD%2FDTc98CauM2AIjJB9islsd3hesFFhdCR7BMOQNl6XpHAelbpfhpTKBemhR%2FrBi8fzaHLvqIGV1sdl7roUbXjqe0UkMJD7wRJEtH1Z470%2FiTRknrskRk1wDOgF8os%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a65ec9ab4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19278&sent=336&recv=28&lost=0&retrans=0&sent_bytes=369574&recv_bytes=5016&delivery_rate=3690732&cwnd=190800&unsent_bytes=0&cid=f2631780d107e007&ts=563&x=1", cfExtPri, cfHdrFlush;dur=0

ieyri61b.xyz/js/dwarf.js

172.67.207.46

200 OK

71 kB

URL GET HTTP/2
ieyri61b.xyz/js/dwarf.js
IP
172.67.207.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectieyri61b.xyz
Fingerprint7C:03:59:1C:CB:57:4A:11:C0:F0:35:06:50:5D:94:B0:83:E1:C7:6A
ValiditySun, 29 Sep 2024 09:41:52 GMT - Sat, 28 Dec 2024 09:41:51 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
71 kB (70990 bytes)
Hash
645c49c2f4d766a0f53aebc6f39c84be
2cf649c9048d567904389d8032e28f9b82e688f8
637717a3de6b2f9043510f3c9df0ea404eee6df9d6c99a528b4603c590858811

HTTP Headers

GET /js/dwarf.js HTTP/1.1
Host: ieyri61b.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 07:44:38 GMT
etag: W/"6704e2e6-1154e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nm1I%2F2rxFoc6HeHMCAp8hcWXz4HYa861A1JVUlzGCo2zSay7OIVwvneMG3JIpd5EOHqMim4No3oQjBf32EosLkYbdgBmP2CpO6RGURA1OkZhuaOkclKGRE5sGwmiRwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a64083b56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16508&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3203&recv_bytes=1024&delivery_rate=260744&cwnd=252&unsent_bytes=0&cid=d762f38a32ce4670&ts=42&x=0"
X-Firefox-Spdy: h2

6oszwqmr.xyz/js/bafsd.js

104.21.29.123

200 OK

14 kB

URL GET HTTP/3
6oszwqmr.xyz/js/bafsd.js
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
14 kB (13706 bytes)
Hash
c2432aca90e92e0370d2ded2545eb1fa
8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb
89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bafsd.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Oct 2024 05:52:43 GMT
etag: W/"66ff82ab-358a"
expires: Mon, 04 Nov 2024 02:51:23 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 4371
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wy%2B2vEolRzVPMJeweE04mK1BF8r%2FcY13XrkjBL1rfyk0mp4ObYwDDrycAqKMZTuLNm4yB1d0dN8lmKjiVQ6ep5YHq7hGoeHlHcs3RNz34PYPMaf%2BNu3mlOGqPiAA1cM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a639ac6b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=189&x=1", cfExtPri, cfHdrFlush;dur=16

epededonemile.com/?fmon=1076465

108.157.229.107

302 Found

52 B

URL GET HTTP/2
epededonemile.com/?fmon=1076465
IP
108.157.229.107:443
ASN
#16509 AMAZON-02

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerAmazon
Subjectepededonemile.com
Fingerprint46:83:A9:71:37:5C:CA:E8:CC:04:0A:4C:B6:4D:C4:FF:85:97:F1:1B
ValidityTue, 08 Oct 2024 00:00:00 GMT - Thu, 06 Nov 2025 23:59:59 GMT

File type

Size
52 B (52 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?fmon=1076465 HTTP/1.1
Host: epededonemile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xmlserving.mobagent.com/click?i=qbO9s3YakHk_0
date: Mon, 28 Oct 2024 04:04:23 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=16aed80e-b167-4753-bbcc-12dd0376b075
x-cache: Miss from cloudfront
via: 1.1 1d542b221a74ce095eec8b4baabd68ca.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: Qh03XaMhbC2pT4uxfz6XRGshMD7ttFybRVrzsbnn2Pi3jT2sPrYDZA==
X-Firefox-Spdy: h2

bf.burniecrepes.com/iIvBZMNxuPF6/gVOEo

23.109.170.127

200 OK

52 B

URL GET HTTP/1.1
bf.burniecrepes.com/iIvBZMNxuPF6/gVOEo
IP
23.109.170.127:443
ASN
#7979 SERVERS-COM

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectbf.burniecrepes.com
Fingerprint8B:8A:91:EB:F7:F0:29:2E:93:43:A5:8E:99:E4:48:65:20:06:30:36
ValiditySun, 29 Sep 2024 22:53:28 GMT - Sat, 28 Dec 2024 22:53:27 GMT

File type
HTML document, ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
86733bb66fb84b851592d733e51f0cbd
42eaf19a5ca195667a9212b0ea3557eee76954a8
927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d

HTTP Headers

GET /iIvBZMNxuPF6/gVOEo HTTP/1.1
Host: bf.burniecrepes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 04:04:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Tue, 29-Oct-2024 04:04:24 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Tue, 29-Oct-2024 04:04:24 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

6oszwqmr.xyz/js/jquery.js

104.21.29.123

200 OK

90 kB

URL GET HTTP/3
6oszwqmr.xyz/js/jquery.js
IP
104.21.29.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subject6oszwqmr.xyz
Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
etag: W/"603e8adc-15d9d"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 487848
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FyPVEvO2DcBsSYrbKEM1NREyuuhCCP%2B0CHCK2OQn7A2nDoJCn3L%2BIvEpLOWegYyN13zWfhS8ZTFMCKm2K4XN5wQvkHHwE6o%2B1GHiUprluVe5gX5ferPGJrNhIEHiDrQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a638abeb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19277&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16195&recv_bytes=3093&delivery_rate=33809&cwnd=12000&unsent_bytes=0&cid=f2631780d107e007&ts=188&x=1", cfExtPri, cfHdrFlush;dur=16

videothumbs.me/p10j88y32hke0000.jpg

188.114.97.1

200 OK

898 kB

URL GET HTTP/2
videothumbs.me/p10j88y32hke0000.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6oszwqmr.xyz/cwns/p10j88y32hke?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectvideothumbs.me
FingerprintC1:4F:45:F9:18:0B:29:97:8B:ED:6F:9D:8C:05:3F:CB:88:3E:D2:BF
ValidityWed, 18 Sep 2024 10:33:09 GMT - Tue, 17 Dec 2024 10:33:08 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2000x1120, components 3
Size
898 kB (897853 bytes)
Hash
9c98c4fbe946eaf71605e0ae2040af03
85a2f13eb01ead2c811c2f410714f811f6f19a5b
f5d2e5649c9352969cd029305befc9398c77e1dce960017beb5c77d64f1dfabd

HTTP Headers

GET /p10j88y32hke0000.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 04:04:14 GMT
content-type: image/jpeg
content-length: 897853
last-modified: Sat, 06 Aug 2022 02:53:10 GMT
etag: "62edd796-db33d"
expires: Sun, 10 Nov 2024 12:26:34 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hclEPEXonvQmtyqtXQSDcAIvg39%2FisbUzK4g3EgX8lI3qyH0WHxh1y9CzlBGpu8xeJJ7%2BlPgyKQO7W67vRMVODGlAWQdZPCTkTE3RoybyNR1tUdwbJn0rYrTYwIU7X6TsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d980a681dceb51d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16921&sent=68&recv=35&lost=0&retrans=0&sent_bytes=85399&recv_bytes=1285&delivery_rate=1077627&cwnd=257&unsent_bytes=0&cid=fa1cb7d5b5925288&ts=351&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by